`read_user` does not seem to be respected, even when configured as an app scope

Summary

read_user does not seem to be respected, even when configured as an app scope

Possible duplicate of #214414 (closed); but I don't know, so filing a new issue just in case.

Steps to reproduce

1. Go to https://lists.strugee.net/accounts/login/?next=/postorius/lists/
2. Click the GitLab button to sign in
3. If necessary, sign into GitLab so you get the authorization screen

Example Project

N/A

What is the current bug behavior?

The authorization screen says "This application will have access to:" and then has nothing (i.e., an empty list). Additionally, when I'm redirected back to lists.strugee.net, I get an error. I can't find the exact JSON error response in the logs and I don't feel like hacking up the app to output it (I'm deploying other people's code) but it seems pretty clear that GitLab did not grant access to the user email.

Note that if I additionally enable the read_api scope the same thing happens, but if I enable the api scope (for a total of 3 enabled scopes), then things work correctly - the authorization screen shows the correct scope, and the login to lists.strugee.net works.

What is the expected correct behavior?

I should see the correct scope listed in the authorization screen, and the application should be granted access to the user's public information.

Relevant logs and/or screenshots

Output of checks

This bug happens on GitLab.com

Possible fixes

Not sure. Seems like a regression from the fix in gitlab-foss#33022 (closed), maybe the same underlying cause as #214414 (closed).